
How Microsoft® Internet Information Server Authenticates HTTP Requests


Microsoft Corporation

Updated April 15, 1999

When Microsoft® Internet Information Server (IIS) receives an HTTP request from a Web browser or from the Microsoft FrontPage® client, it does the following:

  1. The request is first attempted as the anonymous account, IUSR_machinename. If that account does not have sufficient access to complete the request, or if IIS does not have anonymous browsing enabled, then IIS returns error 401 ("Access Denied").
  2. IIS then performs user authentication to allow the remote user to identify himself or herself using Basic Authentication or Microsoft Windows NT® Challenge/Response. If the Web browser or FrontPage client is using Windows NT Challenge/Response, the user may not see a prompt, because the FrontPage client or the Web browser simply supplies the user name and password of the logged-in user from the client computer.
  3. IIS allows access to a file in the Web server only if the NTFS ACL for the file grants the correct permissions to the account being impersonated by the Web server.
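The three steps above can be followed as a small decision model. This is an added example, not Microsoft code: the account names, paths, passwords and the `handle` and `anonymously_readable` helpers are constructed for illustration, and returning 401 when the ACL denies an authenticated user is a modelling assumption.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

ANON = "IUSR_WEBSRV01"  # constructed IUSR_machinename account

# Constructed NTFS-style read ACLs: path -> accounts granted read access
ACLS = {
    "/default.htm": {ANON, "CORP\\alice", "CORP\\bob"},
    "/_private/orders.htm": {"CORP\\alice"},
}
# Constructed account database used to verify supplied credentials
USERS = {"CORP\\alice": "s3cret-A", "CORP\\bob": "s3cret-B"}

@dataclass
class Response:
    status: int
    identity: Optional[str] = None  # account the server impersonated
    challenge: tuple = ()           # WWW-Authenticate schemes offered on 401

def acl_allows(path, account):
    return account in ACLS.get(path, set())

def handle(path, anonymous_enabled=True, credentials=None,
           schemes=("NTLM", "Basic")):
    # Step 1: the request is first attempted as the anonymous account.
    if anonymous_enabled and acl_allows(path, ANON):
        return Response(200, ANON)
    if credentials is None:
        return Response(401, challenge=schemes)
    # Step 2: the client identifies itself (Basic or NT Challenge/Response).
    user, password = credentials
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected, password):
        return Response(401, challenge=schemes)
    # Step 3: access only if the file's ACL grants the impersonated account.
    if acl_allows(path, user):
        return Response(200, user)
    return Response(401, challenge=schemes)  # modelling assumption

def anonymously_readable(anonymous_enabled=True):
    """Audit helper: paths served without any user authentication."""
    return sorted(p for p in ACLS
                  if handle(p, anonymous_enabled).status == 200)

if __name__ == "__main__":
    print(anonymously_readable())
    print(handle("/_private/orders.htm"))
    print(handle("/_private/orders.htm", credentials=("CORP\\bob", "s3cret-B")))
```

Running `anonymously_readable()` against a real ACL inventory shows which files never reach step 2, which is the set to review when the anonymous account has been granted more access than intended.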



© 1999 Microsoft Corporation. All rights reserved. Terms of use.